mgmresorts-okta.com Open in urlscan Pro
45.32.129.145 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://mgmresorts-okta.com/
Effective URL:
https://mgmresorts-okta.com/
Submission: On August 06 via api (August 6th 2022, 8:03:38 am UTC) from US — Scanned from DE

Summary HTTP 11 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 5 IPs in 1 countries across 3 domains to perform 11 HTTP transactions. The main IP is 45.32.129.145, located in San Jose, United States and belongs to AS-CHOOPA, US. The main domain is mgmresorts-okta.com.
TLS certificate: Issued by R3 on August 4th 2022. Valid for: 3 months.

This is the only time mgmresorts-okta.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: MGM Resorts (Hospitality)

Domain & IP information

	IP Address	AS Autonomous System
1 2	45.32.129.145 45.32.129.145	20473 (AS-CHOOPA) (AS-CHOOPA)
7	18.66.122.82 18.66.122.82	16509 (AMAZON-02) (AMAZON-02)
1	13.248.168.94 13.248.168.94	16509 (AMAZON-02) (AMAZON-02)
2	108.138.7.107 108.138.7.107	16509 (AMAZON-02) (AMAZON-02)
11	5

2 45.32.129.145 (San Jose, United States) 1 redirects

ASN20473 (AS-CHOOPA, US)
PTR: 45.32.129.145.vultrusercontent.com

mgmresorts-okta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 18.66.122.82 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-122-82.fra60.r.cloudfront.net

ok3static.oktacdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.248.168.94 (United States)

ASN16509 (AMAZON-02, US)
PTR: a1aa626c4e9a25e01.awsglobalaccelerator.com

mgmresorts.okta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 108.138.7.107 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-7-107.fra56.r.cloudfront.net

login.okta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	oktacdn.com ok3static.oktacdn.com — Cisco Umbrella Rank: 35306	785 KB
3	okta.com mgmresorts.okta.com login.okta.com — Cisco Umbrella Rank: 6368	99 KB
2	mgmresorts-okta.com 1 redirects mgmresorts-okta.com	7 KB
11	3

	Domain	Requested by
7	ok3static.oktacdn.com	mgmresorts-okta.com ok3static.oktacdn.com
2	login.okta.com	mgmresorts-okta.com login.okta.com
2	mgmresorts-okta.com	1 redirects
1	mgmresorts.okta.com	mgmresorts-okta.com
11	4

This site contains links to these domains. Also see Links.

Domain
mgmresorts.service-now.com
mgmresorts.okta.com

Subject Issuer	Validity	Valid
mgmresorts-okta.com R3	`2022-08-04` - `2022-11-02`	3 months	crt.sh
*.oktacdn.com DigiCert TLS RSA SHA256 2020 CA1	`2021-12-22` - `2023-01-22`	a year	crt.sh
*.okta.com DigiCert TLS RSA SHA256 2020 CA1	`2022-04-07` - `2023-04-07`	a year	crt.sh
accounts.okta.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-13` - `2023-07-25`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://mgmresorts-okta.com/
Frame ID: 16435E2A22D383EB7F714277669949D2
Requests: 10 HTTP requests in this frame

Frame: https://login.okta.com/discovery/iframe.html
Frame ID: 88CC6B6F56E069F933846FD5CD4D40C7
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

MGM Resorts - Prod - Sign In

Page URL History Show full URLs

http://mgmresorts-okta.com/ HTTP 302
https://mgmresorts-okta.com/ Page URL

Page Statistics

11
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

5
IPs

1
Countries

892 kB
Transfer

2260 kB
Size

1
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://mgmresorts.service-now.com/vap
Title: Servicenow Password Reset

Search URL Search Domain Scan URL

URL: https://mgmresorts.okta.com/help/login
Title: Help

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://mgmresorts-okta.com/ HTTP 302
https://mgmresorts-okta.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
mgmresorts-okta.com/
Redirect Chain

http://mgmresorts-okta.com/
https://mgmresorts-okta.com/

20 KB
7 KB

493ms
174ms

Document
text/html

45.32.129.145
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL: https://mgmresorts-okta.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 45.32.129.145 San Jose, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: 45.32.129.145.vultrusercontent.com
Software: nginx/1.18.0 /
Resource Hash: fb1d07ab6c54c7380a93a507b48bc5ba0aee77ca32b7d4c57c38f007857a6fd1

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Sat, 06 Aug 2022 08:03:33 GMT
Server: nginx/1.18.0
Transfer-Encoding: chunked
Vary: Cookie

Redirect headers

Connection: keep-alive
Content-Length: 145
Content-Type: text/html
Date: Sat, 06 Aug 2022 08:03:33 GMT
Location: https://mgmresorts-okta.com/
Server: nginx/1.18.0

GET
H2 200 okta-sign-in.min.js Show response
ok3static.oktacdn.com/assets/js/sdk/okta-signin-widget/6.5.0/js/ 2 MB
488 KB 56ms
9ms Script
application/javascript 18.66.122.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ok3static.oktacdn.com/assets/js/sdk/okta-signin-widget/6.5.0/js/okta-sign-in.min.js

Requested by

Host: mgmresorts-okta.com
URL: https://mgmresorts-okta.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.122.82 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-122-82.fra60.r.cloudfront.net

Software

nginx /

Resource Hash

7b3f073865815118149ad5b7fdb7febf99e982e91f8bc77f8b487833e4fb2fc4

Security Headers

Name	Value
Strict-Transport-Security	max-age=315360000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mgmresorts-okta.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security: max-age=315360000; includeSubDomains
content-encoding: gzip
etag: W/"b296b75ca93a3cc3bc7f5ebbe7baf00b"
age: 298918
x-cache: Hit from cloudfront
access-control-allow-origin: *
last-modified: Tue, 12 Jul 2022 20:34:19 GMT
server: nginx
date: Tue, 02 Aug 2022 21:01:36 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 db1cc9ceb7681bf2a56c0f22acac3a36.cloudfront.net (CloudFront)
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
public-key-pins-report-only: pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly"
x-amz-cf-pop: FRA60-P2
x-amz-cf-id: c6uwL3QzHVr3vsh8jUTbhh9g4533hJnTYsi-kZT7nrjzgjYOTlaFeQ==
expires: Wed, 02 Aug 2023 21:01:36 GMT

GET
H2 200 okta-sign-in.min.css
ok3static.oktacdn.com/assets/js/sdk/okta-signin-widget/6.5.0/css/ 218 KB
37 KB 56ms
10ms Stylesheet
text/css 18.66.122.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ok3static.oktacdn.com/assets/js/sdk/okta-signin-widget/6.5.0/css/okta-sign-in.min.css

Requested by

Host: mgmresorts-okta.com
URL: https://mgmresorts-okta.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.122.82 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-122-82.fra60.r.cloudfront.net

Software

nginx /

Resource Hash

2635046d09ef0374ef304162e727ea5639b46e6ed9daaadc0f06b692e872d160

Security Headers

Name	Value
Strict-Transport-Security	max-age=315360000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mgmresorts-okta.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security: max-age=315360000; includeSubDomains
content-encoding: gzip
etag: W/"fc5d7b8907e84ab50a0afec6e3a7a749"
age: 298918
x-cache: Hit from cloudfront
access-control-allow-origin: *
last-modified: Tue, 12 Jul 2022 20:33:02 GMT
server: nginx
date: Tue, 02 Aug 2022 21:01:36 GMT
vary: Accept-Encoding
content-type: text/css
via: 1.1 db1cc9ceb7681bf2a56c0f22acac3a36.cloudfront.net (CloudFront)
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
public-key-pins-report-only: pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly"
x-amz-cf-pop: FRA60-P2
x-amz-cf-id: 2XBHJUJmCYGgZ0aIUShRJjOp2HRfQ96lxboWC2vyPMBV4YB7ugaW0Q==
expires: Wed, 02 Aug 2023 21:01:36 GMT

GET
H2 200 loginpage-theme.6ca7f7a516a56275837982a82a0a7533.css
ok3static.oktacdn.com/assets/loginpage/css/ 3 KB
2 KB 54ms
8ms Stylesheet
text/css 18.66.122.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ok3static.oktacdn.com/assets/loginpage/css/loginpage-theme.6ca7f7a516a56275837982a82a0a7533.css

Requested by

Host: mgmresorts-okta.com
URL: https://mgmresorts-okta.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.122.82 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-122-82.fra60.r.cloudfront.net

Software

nginx /

Resource Hash

275808002d37771e00fc126cd4c7ffd593c773c4cf7aebf81a2192292917455c

Security Headers

Name	Value
Strict-Transport-Security	max-age=315360000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mgmresorts-okta.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security: max-age=315360000; includeSubDomains
content-encoding: gzip
etag: W/"6ca7f7a516a56275837982a82a0a7533"
age: 112454
x-cache: Hit from cloudfront
access-control-allow-origin: *
last-modified: Tue, 22 Mar 2022 20:44:59 GMT
server: nginx
date: Fri, 05 Aug 2022 00:49:20 GMT
vary: Accept-Encoding
content-type: text/css
via: 1.1 db1cc9ceb7681bf2a56c0f22acac3a36.cloudfront.net (CloudFront)
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
public-key-pins-report-only: pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly"
x-amz-cf-pop: FRA60-P2
x-amz-cf-id: yTzJlUSqDVMMZFkG6MPgoZqkTIRBMqNb2K2V55hAzz-UwZguUQuq3A==
expires: Sat, 05 Aug 2023 00:49:20 GMT

GET
H2 200 style-sheet
mgmresorts.okta.com/api/internal/brand/theme/ 556 B
2 KB 339ms
112ms Stylesheet
text/css 13.248.168.94
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://mgmresorts.okta.com/api/internal/brand/theme/style-sheet?touch-point=SIGN_IN_PAGE&v=28d025743b8fc0765a7cfe4c08fdf2a9

Requested by

Host: mgmresorts-okta.com
URL: https://mgmresorts-okta.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.248.168.94 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

a1aa626c4e9a25e01.awsglobalaccelerator.com

Software

nginx /

Resource Hash

9af30b5e4695010f9be253f861784e638c81274ca0390214629886029ca9b509

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' mgmresorts.okta.com .oktacdn.com; connect-src 'self' mgmresorts.okta.com mgmresorts-admin.okta.com .oktacdn.com .mixpanel.com .mapbox.com app.pendo.io data.pendo.io pendo-static-5634101834153984.storage.googleapis.com mgmresorts.kerberos.okta.com https://oinmanager.okta.com data:; script-src 'unsafe-inline' 'unsafe-eval' 'self' mgmresorts.okta.com .oktacdn.com; style-src 'unsafe-inline' 'self' mgmresorts.okta.com .oktacdn.com app.pendo.io cdn.pendo.io pendo-static-5634101834153984.storage.googleapis.com; frame-src 'self' mgmresorts.okta.com mgmresorts-admin.okta.com login.okta.com; img-src 'self' mgmresorts.okta.com .oktacdn.com .tiles.mapbox.com .mapbox.com app.pendo.io data.pendo.io cdn.pendo.io pendo-static-5634101834153984.storage.googleapis.com data: blob:; font-src 'self' mgmresorts.okta.com data: .oktacdn.com fonts.gstatic.com
Strict-Transport-Security	max-age=315360000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mgmresorts-okta.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-okta-request-id: Yu4gVl6LF8wAABTC0IEiWwAAAb8
date: Sat, 06 Aug 2022 08:03:34 GMT
content-encoding: gzip
x-rate-limit-limit: 12000
x-rate-limit-remaining: 11999
content-security-policy-report-only: default-src 'self' mgmresorts.okta.com *.oktacdn.com; connect-src 'self' mgmresorts.okta.com mgmresorts-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com app.pendo.io data.pendo.io pendo-static-5634101834153984.storage.googleapis.com mgmresorts.kerberos.okta.com https://oinmanager.okta.com data:; script-src 'unsafe-inline' 'unsafe-eval' 'self' mgmresorts.okta.com *.oktacdn.com; style-src 'unsafe-inline' 'self' mgmresorts.okta.com *.oktacdn.com app.pendo.io cdn.pendo.io pendo-static-5634101834153984.storage.googleapis.com; frame-src 'self' mgmresorts.okta.com mgmresorts-admin.okta.com login.okta.com; img-src 'self' mgmresorts.okta.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com app.pendo.io data.pendo.io cdn.pendo.io pendo-static-5634101834153984.storage.googleapis.com data: blob:; font-src 'self' mgmresorts.okta.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self'
p3p: CP="HONK"
vary: Accept-Encoding
x-xss-protection: 0
server: nginx
expect-ct: report-uri="https://oktaexpectct.report-uri.com/r/t/ct/reportOnly", max-age=0
strict-transport-security: max-age=315360000; includeSubDomains
public-key-pins-report-only: pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly"
cache-control: max-age=31536000, must-revalidate
x-rate-limit-reset: 1659773074
content-security-policy: default-src 'self' mgmresorts.okta.com *.oktacdn.com; connect-src 'self' mgmresorts.okta.com mgmresorts-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com app.pendo.io data.pendo.io pendo-static-5634101834153984.storage.googleapis.com mgmresorts.kerberos.okta.com https://oinmanager.okta.com data:; script-src 'unsafe-inline' 'unsafe-eval' 'self' mgmresorts.okta.com *.oktacdn.com; style-src 'unsafe-inline' 'self' mgmresorts.okta.com *.oktacdn.com app.pendo.io cdn.pendo.io pendo-static-5634101834153984.storage.googleapis.com; frame-src 'self' mgmresorts.okta.com mgmresorts-admin.okta.com login.okta.com; img-src 'self' mgmresorts.okta.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com app.pendo.io data.pendo.io cdn.pendo.io pendo-static-5634101834153984.storage.googleapis.com data: blob:; font-src 'self' mgmresorts.okta.com data: *.oktacdn.com fonts.gstatic.com
content-type: text/css
x-content-type-options: nosniff
expires: Sun, 06 Aug 2023 08:03:34 GMT

GET
H2 200 fs08iz3etmGQTYQRGEXR
ok3static.oktacdn.com/fs/bco/1/ 8 KB
9 KB 9ms
9ms Image
image/png 18.66.122.82
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ok3static.oktacdn.com/fs/bco/1/fs08iz3etmGQTYQRGEXR

Requested by

Host: mgmresorts-okta.com
URL: https://mgmresorts-okta.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.122.82 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-122-82.fra60.r.cloudfront.net

Software

nginx /

Resource Hash

cbcdc1aae2fb087060f74c839b693796e90f45a98d1ae9f0fed80e695054301d

Security Headers

Name	Value
Strict-Transport-Security	max-age=315360000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mgmresorts-okta.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security: max-age=315360000; includeSubDomains
via: 1.1 db1cc9ceb7681bf2a56c0f22acac3a36.cloudfront.net (CloudFront)
etag: "a64fd1a1cbf619df65af80106a243bd7"
age: 280546
x-cache: Hit from cloudfront
content-length: 7966
last-modified: Mon, 08 Jul 2019 20:09:29 GMT
server: nginx
date: Wed, 03 Aug 2022 02:07:48 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
public-key-pins-report-only: pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly"
x-amz-cf-pop: FRA60-P2
accept-ranges: bytes
x-amz-cf-id: hOxyY0iA5WuhjstW1AFdglfapdnFKnM6ZYb9gNnzHKVKR7VRFly3ng==
expires: Thu, 03 Aug 2023 02:07:48 GMT

GET
H/1.1 200
OK iframe.html Show response
login.okta.com/discovery/ Frame 88CC 546 B
986 B 64ms
8ms Document
text/html 108.138.7.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://login.okta.com/discovery/iframe.html
Requested by: Host: mgmresorts-okta.com
URL: https://mgmresorts-okta.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.7.107 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-7-107.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c71558cf94e0875c93b552d52dd5974ae4697ba14e5a8d7c3694247a291ca9b8

Request headers

Referer: https://mgmresorts-okta.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Age: 31231
Connection: keep-alive
Content-Length: 546
Content-Type: text/html
Date: Fri, 05 Aug 2022 23:23:04 GMT
ETag: "718a4c5e710186377bad84fea3c1ebec"
Last-Modified: Thu, 13 Jan 2022 19:10:54 GMT
Server: AmazonS3
Via: 1.1 c0c6d7afa25d841027d75444425d2010.cloudfront.net (CloudFront)
X-Amz-Cf-Id: yGdxZLQKwnvGaeTnnIzsvq9mB3xIRYt2cvWnYXmxXaRJQmLfzbiczA==
X-Amz-Cf-Pop: FRA56-P6
X-Cache: Hit from cloudfront

GET
H2 200 fs01b59vhtyLn6peC1d8
ok3static.oktacdn.com/fs/bco/7/ 204 KB
205 KB 36ms
36ms Image
image/png 18.66.122.82
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ok3static.oktacdn.com/fs/bco/7/fs01b59vhtyLn6peC1d8

Requested by

Host: mgmresorts-okta.com
URL: https://mgmresorts-okta.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.122.82 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-122-82.fra60.r.cloudfront.net

Software

nginx /

Resource Hash

4f09d6baba302138f3b0180caa5e8c39b8be9310d000e7d03e20cb8328c1b0ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=315360000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mgmresorts-okta.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security: max-age=315360000; includeSubDomains
via: 1.1 db1cc9ceb7681bf2a56c0f22acac3a36.cloudfront.net (CloudFront)
etag: "c5711f90a8bd8e5a0d15e65622ec6e65"
age: 305399
x-cache: Hit from cloudfront
content-length: 208758
last-modified: Tue, 09 Jul 2019 13:34:57 GMT
server: nginx
date: Tue, 02 Aug 2022 19:13:35 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
public-key-pins-report-only: pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly"
x-amz-cf-pop: FRA60-P2
accept-ranges: bytes
x-amz-cf-id: DinrB8_ADB95BQ_2uSmydpKYCmQRQsJFIA6a7R61ozyrbMUgASAqKw==
expires: Wed, 02 Aug 2023 19:13:35 GMT

GET
DATA 200
OK truncated
/ 318 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3ba73f75360efd1e119b4be51ab2d2b78eefe1a3474f8fb0608f7b876194a17d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 montserrat-light-webfont.woff
ok3static.oktacdn.com/assets/js/sdk/okta-signin-widget/6.5.0/font/ 22 KB
22 KB 53ms
11ms Font
application/font-woff 18.66.122.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ok3static.oktacdn.com/assets/js/sdk/okta-signin-widget/6.5.0/font/montserrat-light-webfont.woff

Requested by

Host: ok3static.oktacdn.com
URL: https://ok3static.oktacdn.com/assets/js/sdk/okta-signin-widget/6.5.0/css/okta-sign-in.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.122.82 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-122-82.fra60.r.cloudfront.net

Software

nginx /

Resource Hash

feb177fb563f478cb8ecade71caea5df5ad318ca161c71875114e504ce304ace

Security Headers

Name	Value
Strict-Transport-Security	max-age=315360000; includeSubDomains

Request headers

Referer: https://ok3static.oktacdn.com/assets/js/sdk/okta-signin-widget/6.5.0/css/okta-sign-in.min.css
Origin: https://mgmresorts-okta.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security: max-age=315360000; includeSubDomains
via: 1.1 7b314c2b827b3a655861e27775634208.cloudfront.net (CloudFront)
etag: "6225f3ca44b83090833064727a09cc95"
age: 298917
x-cache: Hit from cloudfront
content-length: 22112
last-modified: Tue, 12 Jul 2022 20:33:03 GMT
server: nginx
date: Tue, 02 Aug 2022 21:01:37 GMT
content-type: application/font-woff
access-control-allow-origin: *
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
public-key-pins-report-only: pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly"
x-amz-cf-pop: FRA60-P2
accept-ranges: bytes
x-amz-cf-id: 21LO7ERVpttZjkvpb0BWEYmqcxJJK35j6CtjmJ7WPIPs1XYDCaAxcA==
expires: Wed, 02 Aug 2023 21:01:37 GMT

GET
H2 200 montserrat-regular-webfont.woff
ok3static.oktacdn.com/assets/js/sdk/okta-signin-widget/6.5.0/font/ 21 KB
22 KB 55ms
17ms Font
application/font-woff 18.66.122.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ok3static.oktacdn.com/assets/js/sdk/okta-signin-widget/6.5.0/font/montserrat-regular-webfont.woff

Requested by

Host: ok3static.oktacdn.com
URL: https://ok3static.oktacdn.com/assets/js/sdk/okta-signin-widget/6.5.0/css/okta-sign-in.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.122.82 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-122-82.fra60.r.cloudfront.net

Software

nginx /

Resource Hash

1d5325892ecf2dc3abd0caf2a1ef4eabf2477e2937c9a372760fd2acae8fddf3

Security Headers

Name	Value
Strict-Transport-Security	max-age=315360000; includeSubDomains

Request headers

Referer: https://ok3static.oktacdn.com/assets/js/sdk/okta-signin-widget/6.5.0/css/okta-sign-in.min.css
Origin: https://mgmresorts-okta.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security: max-age=315360000; includeSubDomains
via: 1.1 7b314c2b827b3a655861e27775634208.cloudfront.net (CloudFront)
etag: "8f2822b73b5f9c106c6f2e0db820bcbb"
age: 298917
x-cache: Hit from cloudfront
content-length: 21980
last-modified: Tue, 12 Jul 2022 20:33:03 GMT
server: nginx
date: Tue, 02 Aug 2022 21:01:37 GMT
content-type: application/font-woff
access-control-allow-origin: *
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
public-key-pins-report-only: pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly"
x-amz-cf-pop: FRA60-P2
accept-ranges: bytes
x-amz-cf-id: 7h58FWLrCGpd2Fs9ThJ_bwBKrxQn4cSBugIpcYoaH79HFZHwx0aAMQ==
expires: Wed, 02 Aug 2023 21:01:37 GMT

GET
H/1.1 200
OK discoveryIframe-82e613074a3700abe11a.min.js Show response
login.okta.com/lib/ Frame 88CC 96 KB
96 KB 9ms
8ms Script
application/javascript 108.138.7.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://login.okta.com/lib/discoveryIframe-82e613074a3700abe11a.min.js
Requested by: Host: login.okta.com
URL: https://login.okta.com/discovery/iframe.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.7.107 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-7-107.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e899060d294cd2e7db4544c88c031272590fe5f9b72a8334dc42ee1f1868ce6a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://login.okta.com/discovery/iframe.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Sat, 06 Aug 2022 02:59:42 GMT
Via: 1.1 c0c6d7afa25d841027d75444425d2010.cloudfront.net (CloudFront)
Last-Modified: Thu, 13 Jan 2022 19:10:55 GMT
Server: AmazonS3
Age: 18284
ETag: "70070512d01d6451663d06e41f3a5913"
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Connection: keep-alive
X-Amz-Cf-Pop: FRA56-P6
Content-Length: 97948
X-Amz-Cf-Id: VgRhxgSsG8HcyeyZPoc22YinrKssFxaDGAUPR5mvWLG1ig3rNnCeKg==

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: MGM Resorts (Hospitality)

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			mgmresorts-okta.com/	1969-12-31 23:59:59	Name: session Value: eyJwYXRoIjoiLyJ9.Yu4gVQ.hp4zF5ga1XIT_P_h7PoIR-AN0ZI

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

login.okta.com
mgmresorts-okta.com
mgmresorts.okta.com
ok3static.oktacdn.com
108.138.7.107
13.248.168.94
18.66.122.82
45.32.129.145
1d5325892ecf2dc3abd0caf2a1ef4eabf2477e2937c9a372760fd2acae8fddf3
2635046d09ef0374ef304162e727ea5639b46e6ed9daaadc0f06b692e872d160
275808002d37771e00fc126cd4c7ffd593c773c4cf7aebf81a2192292917455c
3ba73f75360efd1e119b4be51ab2d2b78eefe1a3474f8fb0608f7b876194a17d
4f09d6baba302138f3b0180caa5e8c39b8be9310d000e7d03e20cb8328c1b0ec
7b3f073865815118149ad5b7fdb7febf99e982e91f8bc77f8b487833e4fb2fc4
9af30b5e4695010f9be253f861784e638c81274ca0390214629886029ca9b509
c71558cf94e0875c93b552d52dd5974ae4697ba14e5a8d7c3694247a291ca9b8
cbcdc1aae2fb087060f74c839b693796e90f45a98d1ae9f0fed80e695054301d
e899060d294cd2e7db4544c88c031272590fe5f9b72a8334dc42ee1f1868ce6a
fb1d07ab6c54c7380a93a507b48bc5ba0aee77ca32b7d4c57c38f007857a6fd1
feb177fb563f478cb8ecade71caea5df5ad318ca161c71875114e504ce304ace

mgmresorts-okta.com Open in urlscan Pro 45.32.129.145 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

11 Requests

100 %HTTPS

0 %IPv6

3 Domains

4 Subdomains

5 IPs

1 Countries

892 kBTransfer

2260 kBSize

1 Cookies

2 Outgoing links

Page URL History

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

16 JavaScript Global Variables

1 Cookies

Indicators

mgmresorts-okta.com Open in urlscan Pro
45.32.129.145 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

5
IPs

1
Countries

892 kB
Transfer

2260 kB
Size

1
Cookies

11 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!